IBM Closes Mail Holes

Monday, July 30, 2012 @ 03:07 PM gHale

IBM patched two security flaws in the mail filters of Lotus Protector for Mail Security and Proventia Network Mail Security.

A cross-site scripting (XSS) vulnerability allows an attacker to inject JavaScript code into the browser of an administrator with an active session on the system. The other vulnerability allows administrators to gain access to files on a server that they should not have access to.

IBM patched both vulnerabilities for versions 2.5.x, 2.8.x and later of the affected products. Users with older versions of the software must upgrade to version 2.5.x before they can install the patch.

IBM has also patched a flaw in version 7.1 of its WebSphere MQ communication platform. The vulnerability allows users to access the queue manager even if they do not have privileges. They fixed this problem in Fix Pack 7.1.0.1 for WebSphere MQ.